Posted on July 4, 2020 at 12:34 PM
A recent report reveals that about half a million owners of Mercedes, Hyundai, and BMW were targets of a massive data breach.
The report from KELA, a darknet intelligence firm based in Tel Aviv, revealed that the hackers were able to steal the information of about 400,000 BMW customers in the U.K. and offered it for sale on the dark web. They are offering the stolen details on the online black market to the highest bidder. The hackers responsible for this breach claimed to be a group known as KelvinSecurity.
The stolen database contains lots of sensitive data
SC Magazine, while reporting about the hacking incident, revealed that the database sent to the darknet contains a whole lot of sensitive data. These include details such as surnames and initials of the car owners, their email address and home address, and car registration information as well as the names of dealerships.
The hackers responsible for the data breach were able to steal the data through a call center that collaborates with some car manufacturers.
According to the report, there were about 500,000 customer records in the stolen database, which dates from 2016 to 2018. Although the majority of the details were from U.K.-based owners of BMW cars, others affected also include owners of Hyundai, Honda, SEAT, and Mercedes vehicles.
In a phone call to SC Magazine, one of the KELA researchers gave details on how the hacking syndicate constantly sells stolen data on the darknet. For instance, it was revealed that in the past month, the hacking group sold 16 databases containing the personal details of some U.S. government contractors. The database also contains information about weapons produced by the Russian armed forces.
The hacking group has been active on dark forums
Apart from trying to make money via the marketing of stolen data, the group has also been active on the darknet distributing stolen data for free. Recently, the hacking group offered 28 databases for free on the hacking forums. According to SC Magazine, the databases contained details of targets from countries such as Mexico, Iran, Indonesia, Sweden, France, Australia, and the U.S.
Last week, Bleeping Computer reported that the hackers were offering another set of compromised data for sale on the darknet. This time, the stolen data was from Frost & Sullivan, a market research firm. Because the information was stored in an insecure backup folder, it was left open and available for anyone interested.
Hackers could launch phishing attacks with stolen data
A security expert at ESET, Jake Moore, pointed out that the stolen data can be used to launch more attacks in the future. He said it’s common for hackers to use breached data to attack systems in the future in a series of phishing campaigns. BMW or other partner organizations should be wary because the hackers can use the stolen information to target them and their customers when the opportunity presents itself.
He said the hackers can use phishing emails requesting more details to launch future identity theft or other attacks when they combine the information with records they have from the breach.
Therefore, owners of the affected cars should be cautious while opening emails and replying to anonymous messages. Once the hackers get the additional information they need, they can put it together to launch phishing attacks that look very convincing to the victim.
“I would recommend any vehicle owner to be extremely cautious when opening emails suggesting they are from the likes of BMW and Mercedes from now on,” he warned.
Moore said customers should be very careful and extra vigilant, especially when receiving unsolicited emails claiming to be from their manufacturer and requesting vital details from them. They will look very convincing and customers mustn’t respond to emails that don’t come directly from their manufacturer.
He added that most times, the hackers send links to properly cloned sites, so it’s important to avoid clicking links in emails even if they look genuine. Rather, customers should contact the manufacturers directly for any issue or confirmation of any email message.